Senior Manager, IT Information Security

<div class="content-intro"><p><span style="font-size: 14pt;"><strong>Company introduction:</strong></span></p> <p><span style="font-size: 12pt;">Compass Pathways plc (Nasdaq: CMPS) is a biotechnology company dedicated to accelerating patient access to evidence-based innovation in mental health. The Company is headquartered in London, UK, with offices in New York City in the US. We focus on developing novel treatments that have the potential to improve the lives of those who are suffering with mental health conditions and who are not helped by current treatments.   </span></p> <p><span style="font-size: 12pt;">We are pioneering a new paradigm for treating mental health conditions focused on rapid and durable responses through the development of our investigational COMP360 synthetic psilocybin treatment, potentially a first in class treatment. COMP360 has Breakthrough Therapy designation from the US Food and Drug Administration (FDA) and has received Innovative Licensing and Access Pathway (ILAP) designation in the UK for treatment-resistant depression (TRD) due to the pressing unmet need in this area. </span></p> <p><span style="font-size: 12pt;">We are currently in phase 3 for TRD, have completed phase 2 studies for both post-traumatic stress disorder (PTSD) and anorexia nervosa and are planning a further late-stage study in PTSD. We envision a world where mental health means not just the absence of illness but the ability to thrive. - </span><a style="font-size: 12pt;" href="https://compasspathways.com/">Compass Pathways</a><span style="font-size: 12pt;">.</span></p></div><p><span style="font-size: 14pt;"><strong>Job overview:</strong></span></p> <p><span style="font-size: 12pt;">Compass Pathways is entering a critical phase as we prepare for commercial launch and expansion of our data and technology footprint. We are seeking a hands-on, execution-focused Senior Manager, IT Information Security to lead the development, implementation, and day-to-day operation of the company’s cybersecurity program.</span></p> <p><span style="font-size: 12pt;">This role is responsible for protecting company systems, data, and users, ensuring compliance with regulatory requirements (including GxP, SOX ITGCs, and data privacy obligations), and strengthening the organization’s security posture as we scale.</span></p> <p><span style="font-size: 12pt;">The role operates with a high degree of ownership while collaborating closely with IT leadership, and external partners.</span></p> <p><strong><span style="font-size: 14pt;">Reports to:</span></strong> <span style="font-size: 12pt;">VP, Information Technology.</span></p> <p><span style="font-size: 14pt;"><strong>Location:</strong></span> <span style="font-size: 12pt;">US (East Coast) or UK (London area).</span></p> <p><span style="font-size: 14pt;"><strong>Roles and responsibilities&nbsp;<br></strong>(<em>Include but are not limited to</em>):&nbsp;</span></p> <ul> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Security Program Leadership &amp; Execution</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Lead implementation and improvement of the cybersecurity program</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Develop security policies, standards, and procedures</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Support transition to a risk-based security model</span></li> </ul> </li> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Threat Detection, Monitoring &amp; Incident Response</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Oversee monitoring and alerting with SOC partners</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Manage incident response processes and reporting</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Coordinate response and reporting of security events</span></li> </ul> </li> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Vulnerability Management &amp; Security Operations</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Lead vulnerability management lifecycle</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Partner with IT teams on remediation</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure controls across endpoints, cloud, and applications</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Support identity and access controls</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Establish and manage cyber security KPI’s and metrics</span></li> </ul> </li> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Compliance, Risk &amp; Data Protection</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Support SOX ITGC controls and audits</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure protection of sensitive data</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Participate in cyber security risk assessments and vendor assessments</span></li> </ul> </li> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Security Awareness &amp; Training</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Lead awareness programs and phishing simulations</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Promote security culture</span></li> </ul> </li> <li style="font-size: 12pt;"><strong><span style="font-size: 12pt;">Vendor &amp; Stakeholder Management</span></strong> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Manage third-party security vendors</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Partner with IT, Legal, and Compliance</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Report on security posture and risks</span></li> </ul> </li> </ul> <p><span style="font-size: 14pt;"><strong>Candidate Profile:</strong></span></p> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Bachelor’s degree in IT, Cyber security, or related field</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">8–10 years of IT experience with 4+ years in security</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Hands-on experience across key security domains</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience in regulated environments</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Knowledge of security frameworks (NIST, ISO 27001)</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience with SOC or MSP providers</span></li> </ul> <p><span style="font-size: 12pt;"><strong>Preferred Qualifications</strong></span></p> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience supporting commercialization</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Familiarity with GxP and SOX controls</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience securing healthcare or patient data</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience with Microsoft 365 security</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Certifications (CISSP, CISM, Security+)</span></li> </ul> <p><span style="font-size: 12pt;"><strong>Key Competencies</strong></span></p> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Execution focus</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Risk-based mindset</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Strong communication</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Cross-functional collaboration</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">Attention to detail</span></li> </ul><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p><span style="font-size: 16px;"><strong>【For NYC】Compensation Description (annually):</strong></span></p> <p><span style="font-size: 16px;">Please note that the base salary range is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location.</span></p> <p><span style="font-size: 16px;">Base pay is one part of the Total Package that is provided to compensate and recognise employees for their work and any role at Compass, regardless of the location, is eligible for additional discretionary bonuses and equity.</span></p></div><div class="title">【Base salary per annum】:</div><div class="pay-range"><span>$150,000</span><span class="divider">&mdash;</span><span>$190,000 USD</span></div></div></div><div class="content-conclusion"><h2 style="line-height: 1;"><span style="font-size: 14pt;"><strong>Benefits &amp; Compensation:</strong></span></h2> <p style="line-height: 1;"><span style="font-size: 12pt;">For an overview of our benefits package and compensation information, please visit &nbsp;"<a href="https://compasspathways.com/join-us/">Working at Compass</a>". <strong>&nbsp;</strong></span></p> <h2 style="line-height: 1;"><span style="font-size: 14pt;"><strong>Equal opportunities:&nbsp;<br></strong></span></h2> <p style="line-height: 1.2;"><span style="font-size: 12pt;"><strong>Reasonable accommodation<br><br></strong>We are committed to building a workplace where everyone’s wellbeing matters. If you need reasonable accommodation during the interview process to be at your best, please let our recruiting team know.&nbsp;</span></p> <p style="line-height: 1;"><span style="font-size: 12pt;"><strong>UK applicants</strong></span></p> <p style="line-height: 1.2;"><span style="font-size: 12pt;">We are proud of our commitment to diversity and equality (pursuant to the Equality Act 2010). We do not discriminate based upon race, religion or belief, colour, nationality, ethnic or national origin, gender, pregnancy or maternity, marital or civil partner status, sexual orientation, gender reassignment, age or disability.</span></p> <p style="line-height: 1;"><span style="font-size: 12pt;"><strong>US applicants</strong></span></p> <p style="line-height: 1.2;"><span style="font-size: 12pt;">Compass Pathways is proud to be an equal opportunity employer. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, and related medical conditions), ethnicity, age, disability, sexual orientation, gender identity, gender expression, military service, genetic information, familial or marital status, or any other status, category, or characteristic protected by applicable law.</span></p> <h2 style="line-height: 1;"><strong><span style="font-size: 12pt;"><span style="font-size: 14pt;">Sponsorship</span>:</span></strong></h2> <p style="line-height: 1;"><span style="font-size: 12pt;">Unfortunately, we cannot sponsor employment visas and can only accept applications if you have employment rights in the country to which you are applying.</span></p> <h2 style="line-height: 1;"><span style="font-size: 14pt;"><strong>Data Privacy:</strong></span></h2> <p style="line-height: 1;"><span style="font-size: 12pt;">All data is confidential and protected by all legal and data privacy requirements, please see our recruitment <a href="https://compasspathways.com/recruitment-candidates-privacy-notice/" target="_blank">Privacy Notice</a> to learn more about how we process personal data.</span></p></div>